[coreboot] How Coreboot can help in malware reverse engineering ?

Jean-Francois Agneessens jeanfrancois.agneessens at gmail.com
Wed Oct 29 19:38:07 CET 2008


Hello list,

I found this project two days ago and I like it. While I am not a
programming expert, I do have some interest in this project because I want
to understand BIOS more in-depth. I am reading right now the "BIOS
Disassembly Ninjutsu Uncovered" and I am looking into BIOS modification to
help the process of Malware Reverse Engineering. By having a "side" access
to the BIOS while the OS is running, I am wondering if I could have an
access to the RAM to allow some sort of low level debugging that would be
unnoticed. By side access, it could be like redirecting ACPI events to
actually dump the content of the memory on a harddrive which is only seen by
the BIOS for instance, or having some sort of console connection straight on
the BIOS (serial port ?) to allow to freeze the host when a specific part of
the memory is being accessed (breakpoint on hardware level). Note that most
of the malware is running on Windows, so I have to be able to use Windows
as OS.

I am very new in the BIOS world and I am far from being an expert on reverse
engineering, so I hope that what I am saying is not just garbage but can
actually be done with some coding effort. Do not hesitate to tell me your
thoughts about this idea.

Anyway, glad to be a member of this list, and I hope to be helpful.

Kind regards,

---------------------------------------
Jean-François Agneessens